CSI 2025Recognized at the CSI Cyber Security Awards 2025 — Women in Cyber + Outstanding Training

Book Consultation

The Authority · CERT-In Empanelled

Audits your regulator accepts on the first read.

Macksofy is empanelled by the Indian Computer Emergency Response Team (CERT-In) under MeitY. Our reports satisfy RBI, SEBI, IRDAI, UIDAI, payment system operators and global certification bodies — across 34 compliance frameworks.

Browse all 21 audits Find my framework

Government of India · Ministry of Electronics & IT

CERT-In Empanelled
Information Security Auditor

Authorized to perform regulator-grade audits in India·SEBI · RBI · UIDAI · IRDAI accepted

Indian Regulatory

CERT-In AuditRBI CSFSEBI CSCRFSEBI SAR+10 more

UAE PDPLUAE IASADHICSDESC ISR+3 more

International Standard

ISO 27001ISO 27017ISO 27018ISO 27701+3 more

Industry & Privacy

PCI-DSSHIPAAGDPR

Cyber AuditCompliance AuditsRisk Assessment

Start here · The foundational audit

Six pillars. One full picture.

Every regulator-specific audit on this page sits on top of the same scaffold — a generalist Macksofy cybersecurity audit. These are the six workstreams it always covers, regardless of which regulator or certification body you ultimately answer to.

Coverage breakdown

Asset & data inventory3 pts
Governance & policy3 pts
Technical control posture3 pts
Threat & vulnerability mgmt3 pts
Incident & response readiness3 pts
Maturity roadmap3 pts

Asset & data inventory

The audit only goes as deep as your inventory does. We start by fixing the inventory.

▸Asset register across IT, OT, cloud, SaaS
▸Data-flow + crown-jewel mapping
▸Shadow-IT discovery

Read pillar detail

Governance & policy

Board-down accountability with operator-up evidence.

▸CISO charter + RACI
▸Policy library currency & ownership
▸Risk-committee minutes evidence

Read pillar detail

Technical control posture

Hands-on testing of what the policies say is in place.

▸Network segmentation + perimeter
▸Identity, MFA, privileged access
▸Endpoint, patch, anti-malware baseline

Read pillar detail

Threat & vulnerability mgmt

From discovery to closure — the lifecycle most audits skip.

▸VAPT + scanning cadence
▸Vulnerability triage & SLA evidence
▸Threat-intel ingestion + ATT&CK coverage

Read pillar detail

Incident & response readiness

How would you detect, contain, recover from a real incident next Tuesday?

▸SOC / MSSP coverage & runbooks
▸IR plan + tabletop drill
▸Backup, DR, communication plan

Read pillar detail

Maturity roadmap

Where you are today vs where you need to be in 12-24 months.

▸Heatmap vs NIST CSF + ISO 27001
▸Top-10 prioritised actions
▸Year-1 + Year-2 investment plan

Read pillar detail

Want the full cybersecurity audit?

Deep-dive page with engagement timeline, deliverables, case studies and the radial breakdown above.

View cybersecurity audit

RBI · SEBI · IRDAI · CERT-In · DPDP

Indian regulatory audits

Regulator-format audits accepted by RBI, SEBI, IRDAI, UIDAI and CERT-In on first read. CERT-In empanelment letters supplied with every engagement.

14 engagements

Government of India · MeitY · CERT-In Empanelled

CERT-In Empanelled Audit

The audit your regulator will accept on the first read.

CERT-In Information SecurityRBI Cyber Security FrameworkSEBI Cybersecurity & Cyber R

Read engagement

Reserve Bank of India · Banks · NBFCs · UCBs · Payment Operators

RBI Cyber Security Framework Audit

End-to-end RBI CSF audit — control assessment, SAR drafting, inspector defence.

RBI Cyber Security FrameworkRBI Master Direction on IT GRBI Master Direction on Outs

Read engagement

SEBI Cybersecurity & Cyber Resilience Framework

SEBI CSCRF Audit

CSCRF audit for stock brokers, depository participants, AMCs.

SEBI CSCRFSEBI Cybersecurity Circular CERT-In Information Security

Read engagement

Annual System Audit · CERT-In Empanelled

SEBI System Audit Report (SAR)

The half-yearly / annual SAR your stock broker or DP can submit on the first read.

SEBI SAR FormatSEBI CSCRFSEBI Cybersecurity Circular

Read engagement

Insurance Regulatory · IRDAI Cyber Crisis Management

IRDAI Information Security Audit

IRDAI compliance for insurers, brokers, web aggregators, TPAs.

IRDAI Information & Cyber SeIRDAI Cyber Crisis ManagemenInsurance Act + IRDAI Regula

Read engagement

Digital Personal Data Protection Act 2023

DPDP Act Compliance

Audit + advisory for India's first comprehensive privacy law.

Digital Personal Data ProtecDPDP RulesSectoral overlays

Read engagement

Credit Information Companies Regulation Act, 2005

CICRA Compliance Audit

CICRA + RBI directions audit for CICs, lenders and credit specified users.

Credit Information CompaniesCIC Rules 2006RBI Master Direction

Read engagement

Annual + Quarterly · Regulator-Format

VAPT for RBI / PCI-DSS

VAPT engineered to satisfy RBI and PCI-DSS in one engagement.

RBI Cyber Security FrameworkPCI-DSS v4.0 Requirement 11.PCI ASV scanning

Read engagement

Reserve Bank of India · REs · LSPs · DLAs · FLDG partners

RBI Digital Lending Guidelines Audit

FLDG, DLG, LSP and DLA audit — disbursement-to-collection trail RBI inspectors actually read.

RBI Guidelines on Digital LeRBI Default Loss Guarantee iWorking Group on Digital Len

Read engagement

RBI Master Direction · IT Governance, Risk, Controls & Assurance · 2023-24

RBI IT Governance Master Direction Audit

Board IT Strategy Committee to operator-level evidence — audited the way RBI inspectors read it.

RBI Master Direction on IT GRBI Cyber Security FrameworkRBI Master Direction on Outs

Read engagement

RBI Master Direction · Outsourcing of IT Services · 2023

RBI IT Outsourcing Master Direction Audit

Vendor risk, cloud, offshoring and concentration — the IT-outsourcing audit RBI expects.

RBI Master Direction on OutsRBI Guidelines on Managing RRBI Master Direction on IT G

Read engagement

SEBI · Stock Exchanges · Clearing Corporations · Depositories

SEBI MII Cybersecurity Framework Audit

MII-grade cyber audit — 99.99% availability, capacity-tested, cross-MII coordinated.

SEBI Cybersecurity & Cyber RSEBI Cybersecurity & Cyber RSEBI Business Continuity Pla

Read engagement

DPDP Act 2023 · Section 10 · Significant Data Fiduciaries

DPDP Significant Data Fiduciary Audit

DPIA, DPO, independent data audit — the SDF obligations that sit on top of base DPDP.

Section 10, Digital PersonalDPDP RulesSectoral overlays

Read engagement

OWASP ASVS · SANS CWE Top 25 · Compliance-mapped

WASA — Web Application Security Assessment

Procurement-grade Web Application Security Assessment — design integrity, not just exploit-finding.

OWASP Top 10OWASP ASVS V4.0SANS CWE Top 25

Read engagement

UAE · KSA · Dubai · Abu Dhabi · DESC · NESA

UAE & GCC regulatory audits

UAE Federal PDPL, NESA / UAE IA Standards, ADHICS, DESC ISR, SAMA CSF, CBUAE banking cyber and NCA ECC-2 — delivered with the same audit rigour Macksofy applies to RBI and SEBI work.

07 engagements

UAE Federal Personal Data Protection Law

UAE PDPL Compliance Audit

End-to-end PDPL readiness — controller register, consent, DPO, cross-border transfers.

UAE Federal Decree-Law No. 4Executive RegulationsUAE Data Office decisions an

Read engagement

UAE IA Standards · formerly NESA · now under TDRA / Cyber Security Council

UAE Information Assurance (NESA / IAS) Audit

Tier-1 to Tier-4 IA Standards audit for UAE critical sectors and federal entities.

UAE Information Assurance StUAE Information Assurance ReCyber Security Council Natio

Read engagement

Abu Dhabi Healthcare Information & Cyber Security Standard · DoH

ADHICS Compliance Audit

Full ADHICS readiness for Abu Dhabi healthcare providers, payers and Malaffi participants.

ADHICS StandardDoH licensing standards and Malaffi Health Information E

Read engagement

Dubai Electronic Security Centre · Information Security Regulation

Dubai DESC ISR Audit

DESC ISR readiness for Dubai government entities and sector-specific operators.

DESC Information Security ReDubai Cyber Security StrategDubai Government Information

Read engagement

Saudi Central Bank · Banks · Insurers · Finance Companies

SAMA Cyber Security Framework Audit

End-to-end SAMA CSF audit — control assessment, maturity scoring, submission pack.

SAMA Cyber Security FrameworSAMA IT Governance + OutsourSAMA Business Continuity Man

Read engagement

Central Bank of UAE · Banks · Finance Companies · Digital Banks · Exchange Houses

CBUAE Cyber & Digital Banking Compliance

Cyber, IT-operations and digital-banking compliance for CBUAE-regulated entities.

CBUAE Consumer Protection ReCBUAE Retail Payment ServiceCBUAE Stored Value Facilitie

Read engagement

National Cybersecurity Authority · Essential Cybersecurity Controls v2

Saudi NCA ECC-2:2024 Audit

NCA ECC-2:2024 audit — baseline cybersecurity for all organisations in KSA.

NCA Essential Cybersecurity NCA Critical Systems CyberseNCA Cloud Cybersecurity Cont

Read engagement

ISO · SOC 2 · NIST

International standards

ISO/IEC 27001, 27017, 27018, 27701, 42001, SOC 2 Type 1+2 and NIST CSF 2.0 — implemented by ISO Lead Auditor / AI Auditor / SOC 2 readiness teams.

07 engagements

Implementation · Internal Audit · Certification

ISO 27001 Consulting & Implementation

ISO 27001 done in 16 weeks — by people who've shipped 30+ certifications.

ISO/IEC 27001:2022ISO/IEC 27002:2022ISO/IEC 27017

Read engagement

Cloud-Specific Controls · Extension to ISO 27001

ISO/IEC 27017 — Cloud Security Certification

Cloud security controls procurement teams actually look for.

ISO/IEC 27017:2015ISO/IEC 27001:2022ISO/IEC 27018:2019

Read engagement

Privacy Controls · Public Cloud Processors

ISO/IEC 27018 — PII in Public Cloud

The PII-in-cloud certification customers ask for first.

ISO/IEC 27018:2019ISO/IEC 27001:2022ISO/IEC 27701

Read engagement

PIMS · Privacy as a Management System

ISO/IEC 27701 — Privacy Information Management

GDPR + DPDP, certified as a system — not a checklist.

ISO/IEC 27701:2019ISO/IEC 27001:2022GDPR + DPDP mapping

Read engagement

AI Governance · World's First AI Management Standard

ISO/IEC 42001 — AI Management System

Demonstrate responsible AI to customers, regulators and boards.

ISO/IEC 42001:2023EU AI ActNIST AI Risk Management Fram

Read engagement

AICPA Trust Services · Type 1 + Type 2

SOC 2 Type 1 + Type 2 Audit

The single artefact every US enterprise customer asks for.

AICPA SOC 2AICPA SOC 1ISO 27001

Read engagement

NIST CSF 2.0 · Govern · Identify · Protect · Detect · Respond · Recover

NIST Cybersecurity Framework Audit

The maturity model boards understand and regulators reference everywhere.

NIST Cybersecurity FrameworkNIST SP 800-53NIST SP 800-171

Read engagement

PCI · HIPAA · GDPR

Industry & privacy

Cards (PCI-DSS v4.0), healthcare (HIPAA + HITRUST) and EU privacy (GDPR + ISO 27701). Cross-jurisdiction programs that share evidence across regimes.

03 engagements

PCI Security Standards Council · v4.0 Mandatory

PCI-DSS v4.0 Compliance

PCI-DSS v4.0 readiness, internal audit and QSA coordination.

PCI-DSS v4.0PCI Software Security FramewPCI Mobile Payment Acceptanc

Read engagement

Privacy · Security · Breach Notification · Omnibus

HIPAA Compliance Audit

HIPAA + HITRUST audits for healthcare entities and business associates.

HIPAA Privacy RuleHIPAA Security RuleHIPAA Breach Notification Ru

Read engagement

EU General Data Protection Regulation

GDPR Compliance Audit

GDPR audits, DPIAs, EU representative and DPO services for India + UAE businesses.

EU General Data Protection RUK GDPR + Data Protection AcEU AI Act

Read engagement

Start here

Foundational engagements

Cross-cutting audits that anchor every compliance program — comprehensive maturity reviews, multi-framework consolidations and risk quantification.

03 engagements

Comprehensive Security Audits

Cybersecurity Audit Services

An honest mirror to your security posture.

NIST Cybersecurity FrameworkISO 27001:2022 Annex ACIS Controls v8

Read engagement

Regulator-Ready · India + UAE

Compliance & Regulatory Audits

Compliance, simplified.

RBI Cyber Security FrameworkSEBI CSCRFPCI-DSS v4.0

Read engagement

Quantitative + Qualitative · Board-Ready

Cybersecurity Risk Assessment

Know what to fix first. With math.

FAIRISO 27005:2022NIST SP 800-30

Read engagement

Frameworks at a glance

One engagement, many regulations.

Most of our clients are dual-regulated — RBI + PCI for fintechs, IRDAI + DPDP for insurers, SOC 2 + ISO 27001 for SaaS, GDPR + DPDP for multinationals. We map controls across regimes once and produce evidence for all of them.

CERT-In

Information security audit empanelled by Indian CERT

RBI CSF

RBI Cyber Security Framework + System Audit Reports

SEBI CSCRF

Cybersecurity & Cyber Resilience Framework for capital markets

ISO 27001

ISMS implementation, internal audit and certification support

PCI-DSS

Payment card industry — ASV scans, internal audit, pentest

GDPR

Article 32 controls, DPIA, data flow mapping

HIPAA

Healthcare data protection (relevant for India + UAE health-tech)

UAE NESA / SIA

UAE National Electronic Security Authority compliance

Pan-India delivery · UAE / GCC

Regulator-format audits across India + UAE.

Macksofy CERT-In empanelled auditors travel from Mumbai BKC to RBI-regulated banks, SEBI-regulated brokers, IRDAI-regulated insurers and government bodies in every Indian metro.

Talk to us

Get a fixed-price proposal in 48 hours.

Tell us about your security need — pentest, audit, training or a wider engagement. A senior consultant will reply within a few business hours.

CERT-In Empanelled

Information Security Auditor · India

CERT-In Empanelled
EC-Council ATC · CompTIA Authorized
20,000+ professionals trained
India + UAE engagements